In some conventionally available biometric identification systems, a scan of the iris is used as the biometric identifier. In these conventional systems, a database of the iris scans of individuals is maintained, either on-line or in a portable token such as a card with a magnetic strip on it.
When the user desires access to a secure area, a current iris scan is taken and this current scan is compared to the scan stored on the token or in the database. If the two scans match within some predetermined acceptable limit, the individual is considered authorized and allowed to proceed into the secure area.
One problem with such a system is that the individual's actual iris scan is stored in the on-line database or on the token. If the token is stolen or if the security of the on-line database is compromised, an individual's iris scan is no longer protected.
From a privacy point of view, an iris scan of an individual can reveal certain aspects of the individual's health. Therefore, if someone unauthorized obtains an individual's iris scan, private medical information may become available to unauthorized people.